Vista and Leopard's Windows Filesharing

Vista is a pain in my ass.  Leopard, decidedly less so, but still a pain.  The two of them together?  Well, please just kill me.

First issue - Vista can't connect to a fileshare I set up on my Leopard-based PowerMac.  Vista complains that I've entered the wrong password.  On the Mac, /var/log/samba/log.smbd says this:

[2007/11/17 22:57:59, 0, pid=475] /SourceCache/samba/samba-187/samba/source/auth/auth_odsam.c:opendirectory_smb_pwd_check_ntlmv2(446)
opendirectory_ntlmv2_auth_user gave -14090 [eDSAuthFailed]

From this site, I found that when entering the username on Vista, you have to do it in the format of IPADDRESSusername.  So, if the server's IP is 192.168.1.1 and the username is bob, then you enter 192.168.1.1bob as the username on Vista.  And then enter your password like you normally would.

Second issue - Vista's Windows Backup and Restore Center gives you the option to backup to a fileshare.  Seems like a no-brainer, eh?  Well, not so much, as evidenced from posts like these.  I eventually found that I had to use the registry edit to change Vista's LmCompatibilityLevel from 3 to 2.  That seemed to do the trick.

But of course, Vista has, yet again, failed in its backup.  The network share is no longer available, or some such BS.

I love Windows.  Gah.

Windows NT's Infernal Filesystem

Here be dragons.

This is the t-shirt I wore to work today. By the end of the day, it was a painful reminder of just how wrong a service pack install can go. So - I've installed SP2 on two XP boxes. One at home, and my test box at work. I waited until today during lunch to upgrade my normal workstation. And, oh how it did break. Sigh.

During the backing up of files, it complained about not being able to read one file. I skipped that file. Then, after the upgrade, RPC wouldn't start. Well now - considering how much on a Windows box depends on RPC, I was pretty well fucked. In task manager, my username did not show up for processes I had started. I couldn't view individual events in event viewer. I couldn't move icons on the desktop. New windows I opened were not showing up on the taskbar. I couldn't resize the taskbar unless Quick Launch was enabled, and even if it was I still sometimes couldn't resize it. I couldn't add a new local user to the local administrators group. I couldn't start RPC (access denied).

I exported my entire system log to a text file so I could see what happened. Bad block on the hard drive. Run chkdsk. Reboot. It finds errors. RPC still won't start!

Had to get one of the IT guys come by and change all of these services to start as the local system account rather than a network account. That got me back up and running, but I still had a bad hard drive to contend with. And these services are *supposed* to run with a network account. This breaks several things in a computer that's joined to a domain.

As it ends up, I got little work done this afternoon. I did, on the other hand, get a new computer. But then I spent 3 extra hours after work getting the apps I use on it. Oh wait, I forgot Ethereal. Dang it. I did not reinstall SP2 on the new machine. I'll sit tight and wait for IT's blessing. So much for being on top of Windows security.

But hey, the old machine was a 800MHz Pentium III w/512MB RAM and the new one's a 2.8GHz P4 w/1GB RAM. I'll live.

Windows 2000 Certificate Authority and Apple Safari

Windows Servers can act as a certificate authority. (More info: http://www.serverwatch.com/tutorials/article.php/1473961) I have Windows 2000 Server running at home in a VirtualPC machine on my Mac. I fire it up, turn on the certificate authority, and then try to browse to http://servername/certsrv so that I can request and download a user certificate. Doesn't work in Safari. I can't log in to the site. Works fine in Firefox.

So, I mess around with settings. Perhaps Safari's trying to use some braindead version of NTLM authentication rather than basic authentication. Nope.... the tcpdump output I captured shows it isn't. Hrm... well, what if I use the Safari debug menu (http://www.macosxhints.com/article.php?story=20030110063041629) to change my User-Agent so that IIS thinks I'm using Mozilla, or IE6 on Windows? Nope, still doesn't work.

Finally, I go into the event log and see this gem:

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 100
Date: 8/2/2004
Time: 9:30:50 PM
User: N/A
Computer: WIN2KSERVER
Description:
The server was unable to logon the Windows NT account 'bernielab\berniec' due to the following error: Logon failure: the user has not been granted the requested logon type at this computer. The data is the error code.

Safari's truly doing something wacky. I have no clue why IIS thinks Safari is trying to log on to the server (which happens to be the domain controller). Firefox doesn't pull this kind of tomfoolery!

I eventually had to go into Domain Controller Security Policy -> Local Policies -> User Rights Assignment -> Log on locally. In there, I added the "berniec" account to the list of users that are allowed to log in locally to the domain controller. I shouldn't have had to do this - ordinary users should have no rights to log into a domain controller. Hrm, stupid Apple.

So, after that, I finally was able to request and download a certificate. You can't directly import user certificates into Safari, but you can import them into a user's Keychain for future use by Safari. That part worked great. Keychain had zero problems importing the cert that was issued by the Windows CA. Hoorah.

Beware of M$ software updaters...

I can say I've never had a problem with a software updater from Microsoft, until today. I've used updaters on Windows and Macs, and all of the Windows updaters have been great. The Mac updaters also have been great, but the Office v.X 10.1.1 updater is a piece of crap, without a doubt.

I'd been following the reviews at Versiontracker, and they weren't encouraging, to say the least. Lots of people were reporting problems getting it installed, with missing library issues, and wiped out Office install directories. Well, I bit the bullet, and installed it on my iMac G4/800. It went fine, surprisingly. I was pleased.

My PowerBook's at work, so I went to work and installed it on that. Blammo, it fucked up my Office install. First I got a privileges problem with the installer. In that process, the Office Component Library got wiped out. Since I'm at work at the moment, and I don't have my Office CD, I use AFP to connect to my iMac at home. Grabbed the component library again. I decided I'd try to install SR1 again. Didn't work, that wiped out Word and Excel, leaving the original files in the trash. Well, at this point, all I could do was drag my Office folder to the trash.

Similar problems occurred on my girlfriend's PowerMac. To make a long story short - if you have these problems, there's a very simple way to get back to a working installation of Office:

1. Delete your current Office folder
   
2. Install office from the Office CD
   
3. Install SR1
   
4. Install 10.1.1 update
   

It seems that there's a problem with the 10.1.1 in the way it sees installed permissions. One person on VT said that the updater expects that the user installing the update must also have installed Office and SR1. And the installer doesn't require admin access, so OS X network admins be aware: you could have users installing this update really screwing shit up.

Long story short, be wary of any updater, M$ or not. At least this update didn't delete all of my hard drive.